Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Automatically assigning owner based on suspected regression changelist https://pdfium.googlesource.com/pdfium/+/b2b00c31f48c86a1bde7f3e6c07752d1c9195cea (Use UnownedPtr<> in JBig2_GrdProc.h).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.

This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it.

If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

CL at https://pdfium-review.googlesource.com/c/pdfium/+/40890

 Issue 876288  has been merged into this issue.

This crash occurs very frequently on mac platform and is likely preventing the fuzzer ifratric_acrojs from making much progress. Fixing this will allow more bugs to be found.

Marking this bug as a blocker for next Beta release.

If this is incorrect, please add ClusterFuzz-Wrong label and remove the ReleaseBlock-Beta label.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/fc5a4ccc9a0c2008dc7f6fa1788e22c2d64d5e2d

commit fc5a4ccc9a0c2008dc7f6fa1788e22c2d64d5e2d
Author: pdfium-chromium-autoroll <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Date: Wed Aug 22 16:54:47 2018

Roll src/third_party/pdfium 94822b57c10e..3caad939aead (20 commits)

https://pdfium.googlesource.com/pdfium.git/+log/94822b57c10e..3caad939aead


git log 94822b57c10e..3caad939aead --date=short --no-merges --format='%ad %ae %s'
2018-08-22 thestig@chromium.org Roll tools/clang/ dec27d726..13b165992 (29 commits)
2018-08-22 thestig@chromium.org Roll third_party/depot_tools/ 5484b866d..02d534031 (93 commits; 18 trivial rolls)
2018-08-22 thestig@chromium.org Roll third_party/zlib/ 39b4a6260..dcf1d0f8c (6 commits)
2018-08-22 thestig@chromium.org Roll third_party/binutils/ e146228c2..4110e0919 (2 commits)
2018-08-22 thestig@chromium.org Roll third_party/googletest/src/ ce468a17c..d52663267 (62 commits)
2018-08-21 tsepez@chromium.org Use UnownedPtr in CPDF_VariableText
2018-08-21 tsepez@chromium.org Use UnownedPtr<> to theme provider in cfwl_widgetproperties.h
2018-08-21 tsepez@chromium.org Use UnownedPtr<> in xfa_resolvenode_rs.h
2018-08-21 hnakashima@chromium.org Remove dead code in CBC_CommonBitMatrix.
2018-08-21 tsepez@chromium.org Use UnownedPtr<> in JBIG2_SDDProc.
2018-08-21 tsepez@chromium.org Use UnownedPtr<> in JBig2_GrrdProc.h.
2018-08-21 hnakashima@chromium.org Remove excessive padding above and below PDF417 barcodes.
2018-08-21 tsepez@chromium.org Use UnownedPtr<> in CJBig2_TRDProc.
2018-08-21 tsepez@chromium.org Avoid copying some big vectors in JBIG2_SymbolDict
2018-08-21 thestig@chromium.org Change GetEmbbedObj() to return an Optional<WideString>.
2018-08-21 tsepez@chromium.org Fix lifetime issue in CJBig2_GRDProc::ProgressiveArithDecodeState
2018-08-21 tsepez@chromium.org Allow creation of a MaybeOwned<T> from UnownedPtr<T>.
2018-08-21 hnakashima@chromium.org Optimize rendering of two dimensional barcodes: defer upscale.
2018-08-21 thestig@chromium.org Fix some IWYU issues in xfa/fxfa/.
2018-08-21 hnakashima@chromium.org Fix one-of property JS errors.


Created with:
  gclient setdep -r src/third_party/pdfium@3caad939aead

The AutoRoll server is located here: https://pdfium-roll.skia.org

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should
be CC'd on the roll, and stop the roller if necessary.



BUG= chromium:876222 , chromium:872907 , chromium:872899 
TBR=dsinclair@chromium.org

Change-Id: Ia5aa435aa788b862aaf0c474dd646807a687166b
Reviewed-on: https://chromium-review.googlesource.com/1184402
Reviewed-by: pdfium-chromium-autoroll <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Commit-Queue: pdfium-chromium-autoroll <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#585095}
[modify] https://crrev.com/fc5a4ccc9a0c2008dc7f6fa1788e22c2d64d5e2d/DEPS

ClusterFuzz has detected this issue as fixed in range 585079:585103.

Detailed report: https://clusterfuzz.com/testcase?key=5215005172301824

Fuzzer: ifratric_acrojs
Job Type: linux_asan_pdfium
Platform Id: linux

Crash Type: Container-overflow READ 1
Crash Address: 0x7f3a625f5800
Crash State:
  CJBig2_GRDProc::ProgressiveArithDecodeState::~ProgressiveArithDecodeState
  CJBig2_Context::ParseGenericRegion
  CJBig2_Context::ProcessingParseSegmentData
  
Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_pdfium&range=584639:584640
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_pdfium&range=585079:585103

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5215005172301824

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 5215005172301824 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot